
Enforce SSO for users on unverified domains (external user security)


      Atlassian Update - Sept 16, 2024

      We are happy to announce that we are rolling out the ability to enforce single sign-on for external users to all Atlassian customers over the next couple weeks!

      You can read more about how single sign-on for external users will work in this community article! 

      You can also preview a demo video of the feature here.

      Expect to see this available in your Atlassian org sometime in the next couple weeks. We will update this ticket again when we are 100% rolled out.

      Thank you again for all your feedback, we hope this feature helps you all collaborate more securely. 

            [ACCESS-1362] Enforce SSO for users on unverified domains (external user security)

            Holly Makris (Inactive) added a comment - edited

            This has shipped to all organizations.

            David Olive added a comment -

            We are happy to announce that we are rolling out the ability to enforce single sign-on for external users to all Atlassian customers over the next couple weeks!

            You can read more about how single sign-on for external users will work in this community article!

            You can also preview a demo video of the feature here.

            Expect to see this available in your Atlassian org sometime in the next couple weeks. We will update this ticket again when we are 100% rolled out.

            Thank you again for all your feedback, we hope this feature helps you all collaborate more securely.

            Karri Adkins added a comment -

            I also just tested this, and where you might be using the Atlassian multiple portals, the customer is sent back a URL for the wrong portal.

            grab added a comment -

            We use Azure AD (Entra ID) as IDP. After an external guest account has been created and the user has accepted the invitation, he can select the "Atlassian Cloud" icon on https://myapplications.microsoft.com/
            SSO does not currently work for Azure AD guest accounts with "something went wrong"

            Does this feature not provide a solution for our use case?

            Raj Krishnasamy added a comment -

            @22b0dec13df2 - I have reported a similar issue as well. It appears that the IDP-initiated sign-in flow is not supported yet. If users use the Atlassian site's URL, they are able to sign in (Service Provider-initiated flow). I would like to see the IDP-initiated flow working as well. @66c2a9d5cc86

            John P Dion added a comment -

            It's not working for our organization. Users within our organization are "successfully" signing into our IDP (Entra says Success) but getting an error message once redirected back to our site saying something went wrong, try again later.

            grab added a comment -

            Is there an update on this?

            Is anyone testing this in the EAP?


            Raj Krishnasamy added a comment -

            We are in the process of enabling SSO through Access for all the Atlassian products that we use.

            In addition to the users from our own domain, we also have several users from different domains. These users are either from our customers or vendors who access our own instance of Atlassian products to collaborate with us across several projects we work on with them.

            All of the users (from our own domain and external domains) are already federated to our identity provider instance. External users use their own domain email address as login to access the products that we offer them.

            So, making this feature available or allowing a domain to be verified/claimed by multiple Atlassian instances (https://jira.atlassian.com/browse/ACCESS-1450) is a very critical one for us to continue using Atlassian products efficiently. When will this feature be made available for us or reach General Availability?

            grab added a comment -

            When will the EAP start? We need this feature urgently!
            To be honest, I'm a little confused that this function isn't working yet!


            David Olive added a comment -

            Update as of February 2, 2024:
            We are still on track to release this EAP to selected customers in Q1 2024 by March. Please keep posted for further updates and monitor your EAP tickets.

            If you are interested in joining this EUS SSO EAP please register your interest here. Please note we have limited space in the EAP and will be evaluating each customer who applies, we will notify selected customers by mid-February 2024.

            This is planned as an enhancement to the external user security feature, wherein the currently supported method of 2FA is a one-time password (OTP) sent to external users via email.

              66c2a9d5cc86 David Olive
              dnguyen4 Derrick Nguyen
              Votes: 306
              Watchers: 312
